URL: https://line209.xyz/
Submission Tags: [phishing]
Submission: On February 26 via api from JP — Scanned from JP

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 10 HTTP transactions. The main IP is 103.231.167.206, located in Hong Kong and belonging to BCPL-SG BGPNET Global ASN, SG. The main domain is line209.xyz.
TLS certificate: issued by R3 (Let's Encrypt's intermediate CA) on February 22nd 2022, valid for 3 months.
This is the only time line209.xyz was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Line (Online)

Domain & IP information

Requests  IP address        AS
10        103.231.167.206   AS64050 (BCPL-SG BGPNET Global ASN, SG)
Total: 10 requests, 1 IP

Requests  Apex domain   Subdomains    Transfer
10        line209.xyz   line209.xyz   66 KB
Total: 10 requests, 1 domain

Requests  Domain        Requested by
10        line209.xyz   line209.xyz
Total: 10 requests, 1 domain

This site contains no links.

TLS certificate (via crt.sh)
  Subject:  line576.xyz
  Issuer:   R3
  Validity: 2022-02-22 to 2022-05-23 (3 months)

The certificate subject is line576.xyz, not the scanned hostname. The page loaded over TLS without a reported error, so line209.xyz is presumably one of several lineNNN.xyz names covered by the same certificate's Subject Alternative Names; the SAN list itself is not shown in this report, so treat that as an inference, and check the crt.sh entry for the sibling hostnames when pivoting.

This page contains 1 frames:

Primary Page: https://line209.xyz/
Frame ID: A1B67F78BFD1271F7094E03EABFB9694
Requests: 10 HTTP requests in this frame

Page Title

Line

Detected technologies

jQuery (overall confidence: 100%), identified by the script URL matching the pattern
  jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Here the match is /static/line/Line/JS/jquery.min.js; the pattern's version capture group stays empty because the URL carries no ?ver= parameter, so no jQuery version is reported.

Page Statistics

  Requests:    10
  HTTPS:       100 %
  IPv6:        0 %
  Domains:     1
  Subdomains:  1
  IPs:         1
  Countries:   1
  Transfer:    66 kB
  Size:        131 kB
  Cookies:     2

Redirected requests

No HTTP redirect chains were recorded for this scan; all 10 requests were answered directly by line209.xyz.

10 HTTP transactions

Each entry lists the resource and its full URL, type and MIME type, size on disk and bytes transferred, the transport details (all requests used HTTP/2 with TLS 1.3 and AES_256_GCM; the key-exchange field is blank because Chrome reports it empty for TLS 1.3), the server (103.231.167.206, Hong Kong, ASN64050 BCPL-SG BGPNET Global ASN, SG, no reverse DNS, nginx with no version string), the SHA-256 resource hash, the security headers, and the request and response headers as captured.
1. Primary request: https://line209.xyz/
   Type: Document, text/html; charset=utf-8; 3 KB, 2 KB transferred
   Protocol: H2; TLS 1.3, AES_256_GCM (key-exchange field blank)
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): 9b4984d9db940b0b680b6cf18c38c5ae58fd6642986ac5a15b3e204fff3a01b9
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
     Accept-Language: jp-JP,jp;q=0.9
   Response headers:
     server: nginx
     date: Sat, 26 Feb 2022 07:40:31 GMT
     content-type: text/html; charset=utf-8
     vary: Accept-Encoding
     expires: Thu, 19 Nov 1981 08:52:00 GMT
     cache-control: no-store, no-cache, must-revalidate
     pragma: no-cache
     strict-transport-security: max-age=31536000
     content-encoding: gzip
   Notes: the request headers are the scanner's, not the site's (the Accept-Language value jp-JP,jp is not a valid language tag; Japanese is ja). On the response side, the fixed Expires date of 19 Nov 1981 together with exactly that Cache-Control and Pragma pair is the header set PHP emits when session_start() runs with its default "nocache" cache limiter, so the landing page is a PHP script that opened a session; the sfba4deee cookie listed under Cookies is the corresponding session cookie.
2. common.css: https://line209.xyz/static/line/Line/CSS/common.css
   Type: Stylesheet, text/css; 396 B, 599 B transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): aec878841749ab41fae5812d57f6ecc4b44570e41b71b77f1e8a65da395f4eb7
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     last-modified: Mon, 04 Oct 2021 07:42:14 GMT
     server: nginx
     etag: "615ab056-18c"
     strict-transport-security: max-age=31536000
     content-type: text/css
     cache-control: max-age=43200
     accept-ranges: bytes
     content-length: 396
     expires: Sat, 26 Feb 2022 19:40:31 GMT
   Note: the ETag is nginx's hex(mtime)-hex(size) form: 0x615ab056 is 2021-10-04 07:42:14 UTC and 0x18c is 396, matching Last-Modified and Content-Length. The static files were therefore last written about five months before the scan, which is useful when dating the kit.
3. common.js: https://line209.xyz/static/line/Line/JS/common.js
   Type: Script, application/javascript; 4 KB, 1 KB transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): 3760ec5b9e86eeaa73b3647ce49647580784b153d4a735c9431ec90149cec6a5
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     content-encoding: gzip
     last-modified: Wed, 06 Oct 2021 14:42:58 GMT
     server: nginx
     etag: W/"615db5f2-fa6"
     vary: Accept-Encoding
     content-type: application/javascript
     cache-control: max-age=43200
     strict-transport-security: max-age=31536000
     expires: Sat, 26 Feb 2022 19:40:31 GMT
   Note: the W/ prefix and the missing Content-Length are what nginx's gzip filter produces for compressed responses; the size part 0xfa6 (4006 bytes) is the uncompressed length. This is the only file with a later modification date (6 October) than the rest of the kit (4 October).
4. ajax.js: https://line209.xyz/static/line/Line/JS/ajax.js
   Type: Script, application/javascript; 1013 B, 1 KB transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): b6a7031f9a34f1d26bde1c9af93ac324b631f1ca4f30bd496a02c386373cda3d
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     last-modified: Mon, 04 Oct 2021 07:42:28 GMT
     server: nginx
     etag: "615ab064-3f5"
     strict-transport-security: max-age=31536000
     content-type: application/javascript
     cache-control: max-age=43200
     accept-ranges: bytes
     content-length: 1013
     expires: Sat, 26 Feb 2022 19:40:31 GMT
5. alert.css: https://line209.xyz/static/line/Line/CSS/alert.css
   Type: Stylesheet, text/css; 5 KB, 1 KB transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): b31778c9bd0482837ef6aad52908888f86b499041b287576b7ccd9d3edcfa312
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     content-encoding: gzip
     last-modified: Mon, 04 Oct 2021 07:42:34 GMT
     server: nginx
     etag: W/"615ab06a-140a"
     vary: Accept-Encoding
     content-type: text/css
     cache-control: max-age=43200
     strict-transport-security: max-age=31536000
     expires: Sat, 26 Feb 2022 19:40:31 GMT
6. jquery.min.js: https://line209.xyz/static/line/Line/JS/jquery.min.js
   Type: Script, application/javascript; 91 KB, 36 KB transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): c1bcc5f2066e4476e6dbab0b5a9b9700b86f4d6ebeb2900d73ee97e53753d4f9
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     content-encoding: gzip
     last-modified: Mon, 04 Oct 2021 07:42:42 GMT
     server: nginx
     etag: W/"615ab072-16bb2"
     vary: Accept-Encoding
     content-type: application/javascript
     cache-control: max-age=43200
     strict-transport-security: max-age=31536000
     expires: Sat, 26 Feb 2022 19:40:31 GMT
7. alert.js: https://line209.xyz/static/line/Line/JS/alert.js
   Type: Script, application/javascript; 6 KB, 2 KB transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): cb2af2c6dae1f3e9848e721807e6d40da02a1ff8b28972deb65eb605b5be7b22
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     content-encoding: gzip
     last-modified: Mon, 04 Oct 2021 07:42:48 GMT
     server: nginx
     etag: W/"615ab078-19aa"
     vary: Accept-Encoding
     content-type: application/javascript
     cache-control: max-age=43200
     strict-transport-security: max-age=31536000
     expires: Sat, 26 Feb 2022 19:40:31 GMT
8. riicon.png: https://line209.xyz/static/line/Line/image/riicon.png
   Type: Image, image/png; 11 KB, 11 KB transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): 98bedf884fd3400f0dbe98be7b3dfedbe60b16d8a39bf320ce9dfbc73999f44b
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     last-modified: Mon, 04 Oct 2021 07:43:30 GMT
     server: nginx
     etag: "615ab0a2-2c5d"
     strict-transport-security: max-age=31536000
     content-type: image/png
     cache-control: max-age=2592000
     accept-ranges: bytes
     content-length: 11357
     expires: Mon, 28 Mar 2022 07:40:31 GMT
9. kaishi.png: https://line209.xyz/static/line/Line/image/kaishi.png
   Type: Image, image/png; 2 KB, 2 KB transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): a2661b760e30f7a9cef9e98585be87d46c8e264e1f2c4d69445945f0cbf904fe
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     last-modified: Mon, 04 Oct 2021 07:43:38 GMT
     server: nginx
     etag: "615ab0aa-786"
     strict-transport-security: max-age=31536000
     content-type: image/png
     cache-control: max-age=2592000
     accept-ranges: bytes
     content-length: 1926
     expires: Mon, 28 Mar 2022 07:40:31 GMT
10. 6.gif: https://line209.xyz/static/line/Line/image/6.gif
   Type: Image, image/gif; 8 KB, 8 KB transferred; requested by https://line209.xyz/
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 103.231.167.206, Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG); no reverse DNS; nginx
   Resource hash (SHA-256): 8004a949a3ff93a7de69857b8ef25ebf3564a942991d014339a125dd94432894
   Security headers: Strict-Transport-Security: max-age=31536000
   Request headers:
     Accept-Language: jp-JP,jp;q=0.9
     Referer: https://line209.xyz/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
   Response headers:
     date: Sat, 26 Feb 2022 07:40:31 GMT
     last-modified: Mon, 04 Oct 2021 07:44:20 GMT
     server: nginx
     etag: "615ab0d4-1ee9"
     strict-transport-security: max-age=31536000
     content-type: image/gif
     cache-control: max-age=2592000
     accept-ranges: bytes
     content-length: 7913
     expires: Mon, 28 Mar 2022 07:40:31 GMT
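The response headers above carry more than caching hints: nginx encodes each file's modification time and size in its ETag, and PHP's session machinery leaves a fixed header signature on the landing page. The following script, an added example and not urlscan.io's own tooling, decodes those signals from header and cookie values copied out of this report. The ETag and session-id formats follow nginx's and PHP's documented defaults; the choice of which files to check and how to combine the signals is the example's own.

```python
"""Fingerprint the nginx/PHP backend behind a urlscan.io report from its response
headers and cookies.

Added example; not urlscan.io code. Header and cookie values below are copied
from the report above. The decoding rules rely on nginx's ETag format and on
PHP's session defaults (both documented behaviour); which files to check and
how to combine the signals is this example's own choice.
"""
import re
from datetime import datetime, timezone

# nginx builds ETag as hex(last-modified epoch)-hex(content-length); its gzip
# filter downgrades it to a weak ETag (W/...) and drops Content-Length.
NGINX_ETAG = re.compile(r'^(W/)?"([0-9a-f]+)-([0-9a-f]+)"$')

# PHP's session_start() with the default "nocache" cache limiter emits exactly
# these three headers; the fixed 1981 Expires date is the tell-tale value.
PHP_NOCACHE = {
    "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "cache-control": "no-store, no-cache, must-revalidate",
    "pragma": "no-cache",
}

# PHP default session id: session.sid_length=26 with
# session.sid_bits_per_character=5, i.e. 26 characters drawn from [0-9a-v].
PHP_SID = re.compile(r"^[0-9a-v]{26}$")


def parse_nginx_etag(etag):
    """Decode an nginx ETag into (weak, mtime_utc, size); None if not nginx-shaped."""
    m = NGINX_ETAG.match(etag.strip())
    if not m:
        return None
    weak, mtime_hex, size_hex = m.groups()
    mtime = datetime.fromtimestamp(int(mtime_hex, 16), tz=timezone.utc)
    return weak is not None, mtime, int(size_hex, 16)


def etag_consistent(headers):
    """True when the ETag agrees with Last-Modified (and Content-Length, if sent)."""
    decoded = parse_nginx_etag(headers.get("etag", ""))
    if decoded is None:
        return False
    _weak, mtime, size = decoded
    last_modified = datetime.strptime(
        headers["last-modified"], "%a, %d %b %Y %H:%M:%S GMT"
    ).replace(tzinfo=timezone.utc)
    if mtime != last_modified:
        return False
    # gzip-compressed responses carry no Content-Length, so only mtime is checked.
    if "content-length" in headers and int(headers["content-length"]) != size:
        return False
    return True


def looks_like_php_session(headers, cookies):
    """True when PHP's nocache limiter headers and a PHP-shaped session id both appear."""
    limiter = all(headers.get(k, "").lower() == v.lower() for k, v in PHP_NOCACHE.items())
    session_id = any(PHP_SID.match(v) for v in cookies.values())
    return limiter and session_id


def deployment_window(responses):
    """Earliest and latest mtimes recovered from the ETags: when the kit's files were last written."""
    mtimes = [parse_nginx_etag(h["etag"])[1] for h in responses.values()]
    return min(mtimes), max(mtimes)


# Values copied from the transactions above (landing page, three static files, cookies).
PRIMARY_RESPONSE = {
    "server": "nginx",
    "content-type": "text/html; charset=utf-8",
    "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "cache-control": "no-store, no-cache, must-revalidate",
    "pragma": "no-cache",
}
COOKIES = {"think_var": "ja-jp", "sfba4deee": "pgd5enc31pa6669nasg2o9k430"}
STATIC_RESPONSES = {
    "common.css": {"etag": '"615ab056-18c"',
                   "last-modified": "Mon, 04 Oct 2021 07:42:14 GMT", "content-length": "396"},
    "common.js": {"etag": 'W/"615db5f2-fa6"',
                  "last-modified": "Wed, 06 Oct 2021 14:42:58 GMT"},
    "riicon.png": {"etag": '"615ab0a2-2c5d"',
                   "last-modified": "Mon, 04 Oct 2021 07:43:30 GMT", "content-length": "11357"},
}

if __name__ == "__main__":
    for name, hdrs in STATIC_RESPONSES.items():
        print(name, parse_nginx_etag(hdrs["etag"]),
              "consistent" if etag_consistent(hdrs) else "MISMATCH")
    print("php session:", looks_like_php_session(PRIMARY_RESPONSE, COOKIES))
    print("kit files written between", *deployment_window(STATIC_RESPONSES))
```

Run on the values from this report, all three ETags check out against Last-Modified and Content-Length, the landing page matches PHP's session signature, and the recovered write window is 4 October 2021 07:42:14 UTC to 6 October 2021 14:42:58 UTC. The same decoding applied to other lineNNN.xyz hosts would show whether they were deployed from the same kit snapshot.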

Verdicts & Comments

urlscan: potentially malicious activity detected. Phishing against: Line (Online).
Disclaimer: these verdicts should be used to detect potentially malicious websites, not as a final verdict.

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  function   structuredClone
  function   openZhezhao
  function   closeZhezhao
  function   openMssage
  function   closeMssage
  function   toPage
  function   encodeBianMa
  function   decodeJieMa
  function   checkNullLength
  function   checkNull
  function   checkLength
  function   booleToInt
  function   checkZhenshu
  function   checkFloat
  function   onkeypressFloat
  function   onkeyupFloat
  function   onblurFloat
  function   returnPage
  undefined  xmlHttpRequest
  function   createXmlHttpRequest
  function   ajax
  function   $
  function   jQuery
  function   jqueryAlert
  function   doLogpage
  function   gogo

Of these, $ and jQuery come from the bundled jquery.min.js, and structuredClone is a standard Web API that shipped in Chrome 98, the scanner's browser, so it appears here only because urlscan's baseline of built-in globals predates it. The remaining 23 names are the kit's own: openZhezhao/closeZhezhao (zhezhao, overlay), openMssage/closeMssage, encodeBianMa/decodeJieMa (bianma/jiema, encode/decode), checkZhenshu (zhenshu, integer), the Float input handlers, the xmlHttpRequest/createXmlHttpRequest/ajax helpers, jqueryAlert, doLogpage and gogo. The pinyin identifiers suggest a Chinese-speaking kit author; that is an inference from naming, not a finding of the scan, but the name set is stable enough to serve as a kit signature across hosts.
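Because the helper names are specific to this kit, a listing like the one above can be matched against a signature without fetching the page again. The script below is an added example, not urlscan.io code: it parses urlscan's "type| name" listing format (LISTING is copied verbatim from this report), discards browser and jQuery globals, and scores the remainder against a hypothetical signature built from the names seen here. KIT_SIGNATURE, BASELINE and the 0.3 threshold are this example's assumptions.

```python
"""Score the "JavaScript Global Variables" listing of a urlscan.io report against
a phishing-kit signature.

Added example; not urlscan.io code. LISTING is copied verbatim from the report
above. KIT_SIGNATURE, BASELINE and the threshold are this example's own
assumptions, chosen from the names seen on this page.
"""
import re

# Globals contributed by the browser or by jQuery rather than by the kit.
# structuredClone is a standard Web API shipped in Chrome 98 (the scanner's
# browser); it is listed as "non-standard" only because urlscan's baseline is older.
BASELINE = {"structuredClone", "$", "jQuery"}

# Hypothetical signature: the kit-specific helper names observed on this page
# (pinyin: zhezhao = overlay, bianma/jiema = encode/decode, zhenshu = integer).
KIT_SIGNATURE = {
    "openZhezhao", "closeZhezhao", "openMssage", "closeMssage",
    "encodeBianMa", "decodeJieMa", "checkZhenshu", "jqueryAlert",
    "doLogpage", "gogo", "createXmlHttpRequest",
}

# urlscan prints the listing as "type| name type| name ..." on one line.
TOKEN = re.compile(r"(function|undefined|object|string|number|boolean)\|\s*(\S+)")


def parse_globals(listing):
    """Parse the listing into {name: type}."""
    return {name: kind for kind, name in TOKEN.findall(listing)}


def kit_score(listing, signature=KIT_SIGNATURE, baseline=BASELINE):
    """Return (matched names, Jaccard similarity) after discarding baseline globals."""
    names = set(parse_globals(listing)) - baseline
    union = names | signature
    matched = names & signature
    jaccard = len(matched) / len(union) if union else 0.0
    return sorted(matched), round(jaccard, 3)


def is_kit_match(listing, threshold=0.3):
    """Verdict: enough of the kit's helpers are present (the threshold is an assumption)."""
    return kit_score(listing)[1] >= threshold


LISTING = (
    "function| structuredClone function| openZhezhao function| closeZhezhao "
    "function| openMssage function| closeMssage function| toPage function| encodeBianMa "
    "function| decodeJieMa function| checkNullLength function| checkNull function| checkLength "
    "function| booleToInt function| checkZhenshu function| checkFloat function| onkeypressFloat "
    "function| onkeyupFloat function| onblurFloat function| returnPage undefined| xmlHttpRequest "
    "function| createXmlHttpRequest function| ajax function| $ function| jQuery "
    "function| jqueryAlert function| doLogpage function| gogo"
)

if __name__ == "__main__":
    matched, score = kit_score(LISTING)
    print(f"{len(matched)} kit helpers present, Jaccard {score}, match={is_kit_match(LISTING)}")
```

On this report all 11 signature names are present among the 23 kit-specific globals (Jaccard 0.478). Jaccard rather than a plain count keeps a page that defines hundreds of unrelated globals from matching on a couple of generic names such as ajax or checkNull, which is why those are deliberately left out of the signature.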

2 Cookies

  Domain/Path    Name        Value
  line209.xyz/   think_var   ja-jp
  line209.xyz/   sfba4deee   pgd5enc31pa6669nasg2o9k430

think_var is the default language-switch cookie name of the ThinkPHP 5 framework, here set to ja-jp for the Japanese-targeted page. The value of sfba4deee is 26 characters drawn from [0-9a-v], the shape of a PHP session id under the default session.sid_length=26 and session.sid_bits_per_character=5, so it is most likely a renamed PHPSESSID; the landing page's Expires/Cache-Control/Pragma headers are PHP's session cache-limiter output and corroborate that. Both are fingerprints inferred from the values, not facts the scan itself states.

Security Headers

Security headers set by the main page. Strict-Transport-Security is the only one present; no Content-Security-Policy, X-Frame-Options or similar headers were observed. HSTS on a phishing host is not a trust signal: it only makes browsers that have seen the header insist on HTTPS for this hostname for the next year (max-age=31536000).

  Header                     Value
  Strict-Transport-Security  max-age=31536000